chore(deps): bump fastmcp from 2.12.5 to 2.14.4

[dependabot]

Bumps fastmcp from 2.12.5 to 2.14.4.

Release notes

Sourced from fastmcp's releases.

v2.14.4: Package Deal

This patch release fixes a fresh install bug where the packaging library was previously installed as a transitive dependency but is no longer—causing an import error on fresh installs without dev dependencies. Also includes a pydocket version pin to avoid Redis connection noise in tests, plus backports from 3.x for $ref dereferencing in tool schemas and the task capabilities location fix.

What's Changed

Enhancements 🔧

• Add release notes for v2.14.2 and v2.14.3 by @​jlowin in jlowin/fastmcp#2851

Fixes 🐞

• Backport: Dereference $ref in tool schemas for MCP client compatibility by @​jlowin in jlowin/fastmcp#2861
• Fix task capabilities location (issue #2870) by @​jlowin in jlowin/fastmcp#2874
• Add missing packaging dependency by @​jlowin in jlowin/fastmcp#2989

Full Changelog: jlowin/fastmcp@v2.14.3...v2.14.4

v2.14.3: Time After Timeout

This patch release fixes an HTTP transport timeout bug where connections were defaulting to 5 seconds instead of respecting MCP's 30-second default, causing premature timeouts for slower operations. Also includes OAuth token storage fixes, Redis key isolation for ACL compliance, and improved ContextVar propagation for ASGI-mounted servers. Plus, the CLI will now nudge you when updates are available (you're welcome, future you).

What's Changed

Enhancements 🔧

• Add debug logging for OAuth token expiry diagnostics by @​jlowin in jlowin/fastmcp#2789
• Add CLI update notifications by @​jlowin in jlowin/fastmcp#2839
• Use pip instead of uv pip in upgrade instructions by @​jlowin in jlowin/fastmcp#2841

Fixes 🐞

• Backport OAuth token storage TTL fix to release/2.x by @​jlowin in jlowin/fastmcp#2798
• Prefix Redis keys with docket name for ACL isolation (2.x backport) by @​chrisguidry in jlowin/fastmcp#2812
• Fix ContextVar propagation for ASGI-mounted servers with tasks by @​chrisguidry in jlowin/fastmcp#2843
• Fix HTTP transport timeout defaulting to 5 seconds by @​jlowin in jlowin/fastmcp#2848

Full Changelog: jlowin/fastmcp@v2.14.2...v2.14.3

v2.14.2: Port Authority

FastMCP 2.14.2 brings a wave of community contributions safely into the 2.x line. A variety of important fixes backported from 3.0 work improve OpenAPI 3.1 compatibility, MCP spec compliance for output schemas and elicitation, and correct a subtle base_url fallback issue. The CLI now gently reminds you that FastMCP 3.0 is on the horizon.

What's Changed

Enhancements 🔧

• Pin MCP under 2.x by @​jlowin in jlowin/fastmcp#2709
• Add auth_route parameter to SupabaseProvider by @​EloiZalczer in jlowin/fastmcp#2760
• Update CLI banner with FastMCP 3.0 notice by @​jlowin in jlowin/fastmcp#2765

Fixes 🐞

• Let FastMCPError propagate unchanged from managers by @​jlowin in jlowin/fastmcp#2697
• Fix test cleanup for uvicorn 0.39+ context isolation by @​jlowin in jlowin/fastmcp#2696
• Bump pydocket to 0.16.3 to fix worker cleanup race condition by @​chrisguidry in jlowin/fastmcp#2700
• Fix Prefect website URL in docs footer by @​mgoldsborough in jlowin/fastmcp#2705

... (truncated)

Commits

• ab935b3 Add missing packaging dependency (#2989)
• 0e5677c Merge pull request #2874 from jlowin/fix-task-capabilities-2.x
• b0b6826 Add type ignores for extra_data kwargs
• ed72c4b Fix type: use TasksCallCapability instead of dict
• dec3c6d Fix task capabilities location (issue #2870)
• bc2f601 Backport: Dereference $ref in tool schemas for MCP client compatibility (#2861)
• 559b778 Add release notes for v2.14.2 and v2.14.3 (#2851)
• e600570 Fix HTTP transport timeout defaulting to 5 seconds (#2848)
• 9e86dbc Merge pull request #2843 from jlowin/debug-task-lifecycle
• 964b23b Merge branch 'release/2.x' into debug-task-lifecycle
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional flags.